<?php namespace App\Http\Middleware;

use Closure;
use App\Models\User;

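/**
 * Route middleware that only lets a request through when the user referenced
 * by the session token holds the required permission.
 *
 * Every path that cannot positively establish "this user holds $role" ends in
 * a rendered view instead of a call to $next, so the check fails closed.
 */
class RoleMiddleware {

	/**
	 * Authorize the current request against a permission name.
	 *
	 * @param  mixed    $request  Request object exposing session().
	 * @param  Closure  $next     Next handler in the middleware pipeline.
	 * @param  mixed    $role     Permission/role name handed to User::can().
	 * @return mixed    The login view, the warning view, or the result of $next.
	 */
	public function handle($request, Closure $next, $role) {
		$token = $request->session()->get('token');

		// No session token, or one without a user id: treat as unauthenticated.
		// isset() also covers a token that is not array-like, which would
		// otherwise raise an error on the offset access below.
		if (!$token || !isset($token['user_id'])) {
			return view('admin/login');
		}

		// User::find() yields null when the account no longer exists (e.g. it
		// was deleted while the session was still alive). Calling can() on null
		// would abort the request with an error, so send such sessions back to
		// the login page instead.
		$user = User::find($token['user_id']);
		if ($user === null) {
			return view('admin/login');
		}

		if (!$user->can($role)) {
			// The message reads "invalid operation permission".
			// NOTE(review): HTTP_REFERER is defined outside this file. If it is
			// derived from the request's Referer header it is client-controlled,
			// so the warning template must escape it and should not use it as a
			// redirect target without validation. TODO confirm.
			// NOTE(review): this denial is rendered as an ordinary view; verify
			// whether a 403 status is set elsewhere so clients and logs can tell
			// a denied request from a successful one.
			$data = ['msg'=>'无效的操作权限', 'url'=>HTTP_REFERER];
			return view('common/warning', $data);
		}

		return $next($request);
	}

}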